AI PCs might solve a real problem: The 'friction' that sees users ignore security Trend Micro has outlined how it will tailor its desktop security software for AI PCs, and thinks it might improve security in ways that normal, bog-standard PCs can't match. As explained to The Register by Trend's veep for product management Eric Shulze at Computex in Taiwan today, the company's email security tools use a …
This seems rather backwards - you don't want an end-user to download an email to their machine and only then scan it for malware - you want to block it well before it gets anywhere close to their mailbox. And you definitely don't want end-users making security decisions at all.
But it is better than uploading your personal email data to a cloud somewhere, with *both* who and where-knows data retention. No thanks. Never, ever. So if its "download and scan locally" or "allow scan before download by unknown agents", I'll take "Download and scan locally" for $1000, Alex.
This is a consumer product so the goalposts are different.
For businesses I agree, it sounds entirely useless, the scanning would be carried out on the mail server and the decision about whether to train a LLM with corporate e-mails would be made by the company, not the end user.
> it could be programmed to keep it in some type of special quarantine zone until the scan is complete and then it is passed to the "main" client where the user can see and interact with it.
Could be programmed? Um, isn't that how local mail has been handled for decades? The mail daemon downloads everything, invokes whatever scanner you use, then distributes it to the local mailboxes, 'cos one of those mailboxes is the sin bin (which can be set to /dev/null), one is spam (ditto) and the scan results are what (re)sets the target mailbox appropriately...
Then you invoke your favoured mail reader, which only gets access to you mailbox(es).
What you say is true for Unix. I'm talking about Windows/Mac/iPhone/Android where 99% of people actually run email clients. (Yes I know technically Mac, iPhone and Android are Unix, but they don't run local mailers, have a mail spool, plain text mailboxes in /var/mail, etc...well maybe the Mac does but not enabled by default)
When you're running some big GUI application like Outlook you'd want the AI scanner to run in some adjacent program not within the Outlook application itself. That way you don't have to worry about buffer overflows, weird characters in headers or other types of attacks beyond ordinary "embed malware in an attachment and trick people into opening it" class of attack that scanners solve.
> . I'm talking about Windows/Mac/iPhone/Android where 99% of people actually run email clients
Do they really?
Aren't they just using a web-based mail system, either explicitly (in an identifiable browser) or near-as-damnit via an IMAP client? They aren't running a *local* mail system at all, just the last bit, the presentation client.
In both those cases, the server they connect to is doing precisely the same set of tasks as described (bulk downloading, scanning, distributing to mailboxes that can be accessed via IMAP from multiple devices and/or accessed via a web front-end client.
> you'd want the AI scanner to run in some adjacent program not within the Outlook application itself...
Oh, and even you *do* run Outlook as a POP3 client and do scanning yourself, unless ypu have managed to pick up a grossly badly written package (or are running under Windows 2.0) your ancillary tools, such as an AI scanner *are* running as separate processes from you GUI - even if they are initiated by the GUI and not running as a background daemon.
Yes, even Windows can run multiple separate processes nowadays! Upgrade today and enjoy multitasking!
"the company's email security tools use a cloud-hosted AI model that scans messages to detect threats. Uploading messages to that model is an act that means Trend Micro must comply with the European Union's General Data Protection Regulation"
Unless the description leaves something important out, this sounds weird. If it's a consumer tool, uploading emails to it (presumably by said consumer) lies entirely outside the GDPR, which only applies to businesses processing personal data. If it's a business tool, the business doing the uploading would be the party to which the regulation applies, so no 'pop-up' from Trend would be relevant. Perhaps they just mean that the service (wherever hosted) must comply with the 'adequacy' provision (or warn that it doesn't), but yet again that would only be applicable if a business were to use the service. In that case it'd be neater simply to have an EU-based replicate service that thus automatically complied.
So there seem to be quite a few simple alternative ways to solve the supposed problem without resorting to local execution of the service. My guess is that this is yet another attempt to shoehorn "AI" into a product line, and it would seem to limit (or weaken) the robustness of the tests available, as nobody but an idiot would do sandboxed live testing of attachments on the target machine.
My GP's email is filtered via Trend Micro and they suddenly stopped being able to receive any of my emails, such as prescription requests. No reason given, after it'd all been happily working for years, especially through Covid times.
Thankfully, the surgery has an alternate online prescription system, but sending responses for a remote consultation still fail, and trying to explain to the receptionist why I can't respond to her emails to me...
So I really don't care where Trend Micro process the emails, I just wish they could get it right (and that includes providing some clue as to *why* I'm now being shunned so we can fix it!).
I seem to recall Intel talking about using GPU time to scan a Windows system's DRAM, the physical memory map, routinely for malware. The idea being that the non-CPU chip can independently scan for signs of infection or bad code, provided malware doesn't get to the driver level to prevent the scanning
I can imagine that happening with AI accelerators on PCs. In fact I think that's a better use than generating summaries of emails that I'll read anyway or whatever it is Microsoft is pushing on us
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
